QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3956

Published: Jan 13, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

acrobat-reader-unspec-xss(55554)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=554296

x_refsource_CONFIRM

http://www.adobe.com/support/security/bulletins/apsb10-02.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2010:008

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_CERT

oval:org.mitre.oval:def:8327

vdb-entry

signature

x_refsource_OVAL

http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.